General

  • Target

    b32f0dffd8659a8a2669864edf56c7e4bd369405d3e38daa01360ca2fc1e6825.exe

  • Size

    2.4MB

  • Sample

    240507-v9xvvagf7s

  • MD5

    2c9f8873126d4837e4dec1e9b93fac9e

  • SHA1

    e22b3ed42f3c8ed0bdd7348b0842dce4f668598a

  • SHA256

    b32f0dffd8659a8a2669864edf56c7e4bd369405d3e38daa01360ca2fc1e6825

  • SHA512

    274245a76fb355bd09043db77cf5dda5221bd8a8db0fd592427a1ad7ef9e836d7120c20c44621476095ee2f0eb786881422a4b97ffdc4d2d856bbc0dd427d53a

  • SSDEEP

    49152:jGPXfEWljxz11fwzg1fHwaDybx1K4rRqwtSdpIcTQEBo:6PXp71fwc1fHwaUxRtwIQvBo

Malware Config

Targets

    • Target

      b32f0dffd8659a8a2669864edf56c7e4bd369405d3e38daa01360ca2fc1e6825.exe

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks